What is ModSecurity?
ModSecurity™ is a web application firewall (WAF). With over 70% of all attacks now carried out over the web application level, organizations need every help they can get in making their systems secure. WAFs are deployed to establish an external security layer that increases security, and detects and prevents attacks before they reach web applications. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.
ModSecurity is installed by default with cPanel servers via EasyApache. Your ModSecurity logs will be located at /usr/local/apache/logs/audit_log.
Add your ModSecurity rules
Some basic rules to start with (you can go ahead and copy and paste these if you want):
SecFilter "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:" chain
For ModSecurity documentation, please visit their website.